Abnormal DNS Traffic Detection

DNS is a critical, foundational protocol of the internet, often described as the internet's phonebook because it maps domain names to IP addresses. However, the ubiquity of DNS (and the frequent lack of scrutiny it receives) can enable very elegant and subtle methods for communicating and sharing data beyond the protocol's original intentions. Free tools are available that let attackers create covert channels over DNS to hide communication or bypass policies put in place by network administrators.

This project theme (and its subprojects) represents a collective effort to understand the security loopholes related to the DNS service and to develop methods for identifying abnormal DNS traffic for risk mitigation.

Students in this project will be guided by the supervisors and will complete the following tasks, which relate to different aspects of DNS security:

  1. To complete a literature review on DNS security issues and the corresponding state-of-the-art mitigation methods
  2. To develop various methods to identify abnormal DNS traffic, and evaluate the performance against state-of-the-art methods
  3. To develop methods to identify encrypted DNS traffic, such as DNS over HTTPS or DNS over TLS, and evaluate the possibility of a complete detection
  4. To establish and maintain an open-source repository for the related research data sets, and the developed tools

Keywords:

  • Anomaly Detection, DNS, Machine Learning, Python Programming.

Tools and Platforms

  • Python Programming
  • GitHub Repository
  • Markdown document

Necessary Skills

  • Foundational Internet knowledge, especially DNS queries/responses and related protocols, coding

  • Python programming, data science, machine learning, pattern recognition

  • GitHub Repository

There will be a variety of extra skills for the team members:

  • Documentation
  • GUI

Resources Required

No special hardware is required; only common open packages are used.